Organizations cannot plan for every disruption. They need to be able to handle changes in their risk environment at a moment's notice and with a predictable level of performance. Organizations can no longer expect to prevent every cyber attack. They must be ready to continue operations and meet their mission when disruption occurs. To accomplish this mission, organizations must take a structured approach to managing security risks, business continuity, and information technology operations within the context of their business objectives. Our team of researchers, cyber risk specialists, and security governance experts works diligently to define best practices and provide methods for managing operational risk and resilience.

Using a resilience approach, organizations focus on managing risk to critical assets by optimizing both protection and continuity strategies to prepare for a broad range of outcomes. How can your organization become resilient?

We are currently researching new security and resilience improvement capabilities, how to prioritize security spending, the growing impact of cyber risk insurance, and approaches to improving cybersecurity governance.

Engage with Us

There are multiple opportunities for you to engage with us. We offer workshops, training, appraisals, and even opportunities to develop derivative models based on the CERT-RMM.

Publications & Media

09/08/2017 Defining a Progress Metric for CERT-RMM Improvement
Describes the Cybersecurity Program Progress Metric and how its implementation in a large, diverse U.S. national organization can serve to indicate progress toward improving cybersecurity and resilience capabilities.

02/23/2017 The CISO Academy
In this paper, the authors describe the project that led to the creation of the U.S. Postal Service's CISO Academy.

01/31/2017 Software Solutions Symposium 2017 - Informational Brochure
The Software Solutions Symposium is a forum for learning about emerging technologies and practical solutions that you can apply today for help with systemic software issues such as assurance, cost, and schedule. March 20-23, 2017. Arlington, VA.

Intelligence Preparation for Operational Resilience (IPOR)
This SEI report describes Intelligence Preparation for Operational Resilience (IPOR), a framework for preparing intelligence that complements commonly used intelligence frameworks such as Intelligence Preparation of the Battlefield (IPB).

CYBURGH, PA
The SEI and the Pittsburgh Technology Council sponsored CYBURGH, PA, a one-day event where Pittsburgh organizations met to discuss pain points, barriers, and solutions related to cybersecurity. Its program is applicable to all audiences: corporations, small businesses, academic institutions, and the public sector, especially those interested in learning how to develop a secure cyber domain for their organization.